Called Oldboot, the malware is “designed to re-infect mobile devices even after a thorough cleanup.” Apparently, the program resides in the memory of infected devices, and it modifies “devices’ boot partition and booting script file to launch system service and extract malicious application during the early stage of system’s booting.”

Versions of the program are sophisticated enough to perform various stealthy operations, including resisting detection and fighting antivirus apps. The Oldboot family is the “most significant demonstration” of fighting against antivirus software, malware analyzers and automatic analysis tools, according to researchers from Chinese security firm 360 Mobile Security.

According to these reports, the Oldboot.B Android bootkit can silently install malicious apps in the background, inject malicious modules into system processes, prevent malware apps from being uninstalled, modify the browser’s homepage, and uninstall or disable installed mobile antivirus software. The malware is even able to run code hidden in images, a hiding technique known as steganography.

Despite the malware’s advanced features, it would appear that 360 Mobile Security has a free tool to detect and remove it.

It’s not clear what the purpose of the malware is or where it’s being picked up from, but infected devices can apparently send fake SMS messages, start phishing attacks, and carry out other activities. “Driven by profit, the Oldboot Trojan family changes very fast to react to any situation,” researchers said. It’s also not clear which devices are most likely to be infected, or whether certain devices are more prone to infection than others.